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The role of internal audit 


►The ISPPIA defines internal auditing as "an independent, objective assurance and consulting diCiwxxy designed to 
add value and improve an organisation's operations. It helps an organisation accomplish its objectives hy bringing a 

systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and 
governance processes ' 

► What about post mSCOA? 
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The relationship between internal audit and program assurance 


ulrements Definition and Planning 






Solution Build 




Program assurance 


Is the project being executed in accordance with best 
project management practice and within the wider 
framework of the Municipality’s governance processes 
Ensuring that projects deiiver the value expected of them 
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Internal audit 


Governance processes - Assist the organisation in achieving its goais, creating 
and maintaining particuiar vaiues, through the appropriate accountability and 
by evaiuating processes that contribute to the achievement of these goais and 
values 

Internal control processes - While it is the responsibiiity of the reievant iine 
managers, the lAA should evaluate the existing controis in terms of their 
adequacy and effectiveness, assessing the change in the likelihood of any risk 
materialising and deveiop recommendations for their improvement. 

Risk management processes - Whiie a key responsibiiity of management and 
the Accounting Officer, Internai auditors shouid assist both management and 
the Audit Committee (AC) by examining, evaiuating and reporting on the 
adequacy and effectiveness of the risk management process 
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Project I Program Corporate 


Internal audit and program assurance 
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Council and 
relevant 
committees 


Key roles 

■■ CouncjL C'lheartbeat''): Responsible for providing overall portfolio and 
program direction. Accountable for corporate-level risk management. 

- Executive leaders'hip team: Provides program sponsorship, strategy and 
direction. Responsible for signnoff of scope; functional, technical and service 
solutions; and changes to spending.. Also responsible for monitoring of program 
plan, budget, risks, issues and change requests. 

- Portfolio risk committee:: Responsible and accou nta ble for providing overal I 
portfolio risk managen>ent oversight. Accountable for portfolio and progranvlei^l 
risk management. Seeks interventions to address any concerns across portfolio. 

■■ Audit committee: Assists the board by setting the agenda for and receiving 
reports related to the effectiveness of risk n^nagement on the project and the 
effectiveness of controls within key business processes. 

- Internal audit: Typically will have some responsibility for providing independent 
assurance to the audit committee on the effectiveness of internal controls within 
key business processes on change programs. 

- Steering committees: Responsible for ensuring strong buy-in for the solution 
and that all stakeholder groups are represented appropriately. Accountable for 
eiffective governance and planning, sign-off of quality deliverables and ensuring 
that the solution and business change meets business and user requirefivents. 

- Technical design authority: IRsponsible for technical review of solution and 
ensuring adherence to technical architecture principles of the organization. 
Program management office: Provides day-to-day management controls over 
the project, including management of project plan, budget, lisKs and issues. 
Responsible for communicating effectively with governance groups, raising risks 
and issues and required sign-offs. 

■■ Independent PRM: Responsible for independently reviewing and advising on the 
effectivmess of risk management at the program level, including effectiveness of 
mitigation strategies for key program risks. 

■■ Projec:t wonkst reams: Responsible for day-to-day project delivery and 
management of project risk. 
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An Example of a Programme/Project Governance Framework 


Client Environnnent 
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# 

Outcomes 

Increased 

predictability 


Greater 

confidence 


Improve 

transparency 


Enhanced 

accountability 


Enhanced 

capability 




Benefits 
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Review 


The critical role of Internal Audit — some activities 
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Assist in reviewing 
the accuracy and 
completeness of 
financial records in 
MSCOA 


and! 


Tetain 
evidence for 
external audit 



To the audit committee on the adequacy of the implementation and the controls in place to address the risks to implementation. 
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Your assessment needs will vary during the lifecycle of your programme(s) 


► A best practice PA process describes distinct review activities that will be applied to each phase of a programme 



Review activities and elements 
required to set up a programme 

► Assess capabilities and activities | 
are aligned to ensure delivery 

► Review of programme 
dependencies on the other 
major programmes 

► Validation of strategy; business 
case; benefits; financials and; 
planning to ensure the 
programme is fit for purpose, 
thus reducing the risk of 
programme scope creep 


Review programme 
management, governance 
arrangements, gateway reviews 
and their effectiveness 


► Review status of the programme, 
delivered benefits and assess 
the readiness to go to the next 
phase 


Undertake technical and 
operational risk assessments 
appropriate to phase, ensuring 
that risks have been identified, 
categorised and adequately 
mitigated 


Assess specific delivery 
processes and deliverables and 
provide detailed/expert 
response, e.g., supplier 
sourcing and performance 
management, end to end 
technical and business design/ 
architecture of the solution, 
testing strategies and outputs, 
business readiness 


U Assess the integrity of specific 
applications, processes, models 
or documents and their 
compliance with business 
objectives, regulatory 
requirements and operating 
model 


Assess if programme is being 
run correctly 


► Assess capabilities of senior 
programme resources to deliver 
the programme j 


Appraise high-level programme 
plans, requirements, designs, 
resources, costs, contingencies, 
controls approach and risk 


► Assess implications for the end 
customers , 


► 




Confirm that all appropriate 
programme management tools 
are effective and in use 


Done as needed in an in-flight 
programme 


Actions management by the 
project/programme comittee 
using the standard agenda ‘QA 
Actions’ 

Risks and associated 
remediation actions status 


► Overall Confidence to Deliver 
status and trend 

► Collation and maintenance in the 
QA Health Check repository of 
the above 
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To summarise 


► Given the impactof mSCOAon the municipality, program assurance is required to provide the Council and relevant 
committees with assurance that the project is being managed properly and will deliver the required outcomes with integrity. 

► Internal audit has a role in the implementation of mSCOA as a pure internal audit function. 

► Internal audit has a role to play in delivering some of the programme assurance in its capacity as an assurance provider and 
as an independent consultant, but 

► Will need to have the right skills 

► Ensure there is no self review going forward - Consider the benefit of using other municipal auditors to perform the 

work ( ie swopping lA departments for project related work) 

► mSCOA will change the game for the impact internal audit can have. 
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Contact details 



Sean Collins | Senior Manager | Advisory 
Ernst & Young Advisory Services (Pty) Ltd 
102 Rivonia Road, Sandton, Gauteng, South Africa 
Cell: +27 82 272 4428 
sean.collins@za.ev.com 
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